Firewalls: cisco access list quest -- IP options and tiny frags

Firewalls
(June 1996)

Indexed By Thread: [Previous] [Next]

Subject:	cisco access list quest -- IP options and tiny frags
From:	Chris Kostick <ckostick @ csc . com>
Date:	Fri, 21 Jun 1996 17:17:55 -0400
To:	"'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com>

I tried this on the cisco newsgroup with no response. I thought
some bright person on this list would know.

I want to be able to have an access list rule that will prevent
packets with IP options from going through the router. Is there
a way of doing this? If it's specific to a particluar IOS then please
let me know.

As a follow-up, I'm interested in eliminating tiny fragments. I.e.
ones where the Fragment Offset = 1. How can I do this in an access
list? Thanks for any info.


P.S. Andrew M., I know you're reading this and thinking about how
an NSC router can take care of this *no problem*, but I really
need the answer for a cisco. :)

--
Chris

Indexed By Date	Previous:	Re: Pilot Network Services From: Richard Stiennon <richards @ netrex . com>
Indexed By Date	Next:	Brent re firewalls mailing list From: Cynthia Deno <cynthia @ usenix . ORG>
Indexed By Thread	Previous:	[no subject] From: Del Hundley <dhundley @ cvent . net>
Indexed By Thread	Next:	Re: cisco access list quest -- IP options and tiny frags From: Michel Lavondes <lavondes @ tidtest . total . fr>